Hello, it’s me. Seriously.

Hi, this is Dave. It’s really me.

No kidding. Honestly, I’m Dave. I’m the real deal, the true article, born smack in the middle of the Boom and raised in Kalamazoo, Michigan (where the city motto is, “Nobody Knows What the Heck It Means Anymore, But Yeah, There’s Still a Kalamazoo”).

I’m Dave, the guy with the deflating bed, aka Uncle Grumpy the grammar grouch, chronicler of old-age indignities, frog attacks, and sex advice for other geezers. Yes, that Dave! Check my photos and fingerprints if you’re not convinced.

Why am I trying to convince you that I’m myself? The other day, I got an emailed receipt and survey from a hotel where I never stayed. A few frantic phone calls revealed that somebody checked in using my name and my old Atlanta address, which were exposed in the big hack of federal employee data a couple of years ago. In other words, my identity has been stolen.

We’re not on the hook for any money, and so far haven’t uncovered any other scams. But it’s disturbing to know there’s a fake me out there. I also have to wonder what kind of putz would heist a normal, boring identity like mine. Why couldn’t he steal from somebody interesting, like Ted Cruz?

Until now, I hadn’t been affected by the breach and was hoping, apparently naively, to remain unscathed. But I can’t sit around worrying either.

If you’re a victim of identity theft or are afraid you might be, the federal government’s resource page is a good place to start. Meanwhile, if you run into somebody claiming to be David Swan, here’s how to tell the Dave from the doppelganger.

1. If he has hair, it ain’t me, babe.
2. He should know all kinds of obscure 60s and 70s music references (like the one in item #1). Ask him to name the duo that inflicted “In The Year 2525” on us, or the title of Norman Greenbaum’s follow-up to “Spirit In The Sky.” (Hint: It involves food.*)
3. Sing the praises of Ohio State and/or Michigan State football. If you don’t hear “Go Blue!” within about 15 seconds, call the gendarmes!
4. If he uses “barbecue” as a verb, he’s counterfeit. This is something I learned from my Southern transplantation. You might also ask him about his favorite meat and three.
5. Get him to reminisce about being a cabdriver or an all-night DJ on an elevator-music radio station.
6. If you’re riding in his car and he has no sense of direction, is the total antithesis of GPS and generally couldn’t find a giraffe in a broom closet, that’s me!

*The tune was “Canned Ham.” This has nothing to do with Canned Heat, a great blues band of the same era. See what I mean about those music references?

Diary of a hacking victim, chapter 1

Exposed. Naked (and not in any good way). Vulnerable. Powerless. Adrift. Apprehensive. Anxious. Frustrated. Overwhelmed. And definitely mad as hell. These are some of the things I’ve felt since learning that I’m among the millions whose precious personal data was lost when the federal Office of Personnel Management got hacked.

When the story broke I figured it was just a matter of time, and sure enough, I now have an email from OPM: “The data compromised in this incident may have included your personal information, such as your name, Social Security number, date and place of birth, and current or former address.” It goes on to offer credit monitoring and ID theft insurance, and claims OPM has made “an aggressive effort to update its cybersecurity posture.”  All well and good – but a textbook case of locking the barn after the horse is out. The systems are so old they can’t even be encrypted. Didn’t anybody understand the risk?

I’ve had similar problems before, starting the first time I bought something online and had my credit card number hijacked. But you can fix that with a new card, usually with no liability. It’s pretty frightening to think that my SSN, 30+ years of federal employment records, and who knows what else are out there in a hostile cyber-wilderness. As my former boss, National Taxpayer Advocate Nina Olson, has said in her battle against tax-related ID theft, “Identity theft is an invasive crime that can have a traumatic emotional impact,” including symptoms similar to those of post-traumatic stress disorder.

I know there are many, many others facing much more danger than me, especially those in the military, the State Department, intelligence agencies, and other sensitive jobs. I just have no confidence that OPM will right the ship, or that its leaders even grasp the magnitude of their failures and incompetence. That email was signed by the chief information officer. Why not the director? Why can’t she take responsibility?

Update and correction:  In the earlier version of this post, I described the security feature on the credit monitoring site, which says “Please confirm that you are human and not a robot by checking the box below” as likely to be ineffective. I’ve since learned that it works like the traditional captcha feature. Sorry for the error.